Keeping Technology Protected from Cyberattacks
As the country has shifted to working from home, companies are grappling with an increase in cyberattacks. These assaults on technology reinforce the need for robust cybersecurity solutions to keep data and systems protected.
Hackers are exploiting employee vulnerabilities and fears related to the COVID-19 pandemic and economic downturn. As a result, there is an urgent desire for information about public health and government responses, including personal and business stimulus programs.
Unfortunately, hackers know these fears all too well and are launching aggressive phishing campaigns. These campaigns claim to be from reputable health organizations such as the Centers for Disease Control and Prevention (CDC) or the World Health Organization, or law enforcement agencies, hospitals, the IRS or other government agencies.
In most cases, the attacks claim to be from an official and contain an attachment or website link. Clicking on the link or attachment launches a malware attack. Those attacks embed files in the user’s computer that can lead to data theft or ransomware attacks.
How Prevalent Are Cyberattacks During the Pandemic?
While statistics on U.S. cyberattacks are difficult to find, anecdotal evidence supports a rise in malicious activity. Consider the following:
- The WHO reported a fivefold increase in hacking attempts against the global health agency compared to a year ago. The attacks include the successful theft of 450 email addresses of current and retired WHO employees.
- Despite assertions from some hacker groups that they would not target healthcare organizations the Czech Republic reported attempts against an airport and several hospitals, likely by a nation-state
- During a panel discussion sponsored by the Aspen Institute, Tonya Ugoretz, deputy assistant director of the FBI’s cyber division, warned that nation-supported hackers are trying to steal information from companies researching COVID-19 treatments.
- In March, hackers successfully launched a ransomware attack against the Champaign-Urbana Public Health District. The attack kept the agency that serves 200,000 people without a working website for several days.
- In March, Barracuda Networks found a 667 percent uptick in phishing emails using coronavirus as a topic, according to a report in TheHill.com. Other security firms have reported similar growth in identified attacks.
In April 2020, two agencies, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the U.K.’s National Cyber Security Centre, issued a joint release on the ways hackers are exploiting the COVID-19 crisis.
In addition to the email phishing attacks, the alert notes several other attack types that have increased in recent weeks:
- Text phishing campaigns that use financial incentives as bait. The COVID-19 schemes use SMS messages to ask for names, addresses emails and banking information, claiming to need the data to process unemployment or stimulus claims.
- Credential spoofs that crate fake login pages for sites like Google or Microsoft. Once a user enters a password, hackers can access inboxes and address books to look for financial information.
- Telework tools are a popular source of scams. As millions of users adapt to using Microsoft Teams and Zoom, users are giving hackers access to those tools and, in some cases, using them for phishing bait.
How Can We Protect Employees from Cyberthreats During the Pandemic?
Employee education is a crucial deterrent to cyberattacks. Here are some tips for keeping your employees protected:
- Do not share login information or financial information over email.
- Know that large tech companies and government agencies will not ask you or usernames or passwords via email or over the phone
- If you suspect an email as malicious, hover over the sender’s name or hyperlinks.
- Look for spelling and grammatical errors in emails and texts.
- Use built-in security tools like requiring passwords when using videoconferencing tools like Zoom.